CAS secure cookie
Harippriya Sivapatham
hari_forums at yahoo.com
Wed Aug 29 17:32:36 EDT 2007
Hello,
I have been looking into CAS for the past few days. My setup is that I have a tomcat that has the CAS server and multiple CAS clients. I have two questions that I hope someone could shed some light on.
- After the user logs in, I understand that the secure cookie is placed in the browser. Who validates this cookie sent with subsequent requests? In other words, will every client request be sent to the login url and then the requested content served? If yes, I dont see these transactions in the access log as a 302 redirect.
- Is there a programatic way of reading the cookie in a JSP. I tried request.getHeader("Cookie") but that did not help. The reason I ask is to handle the case of multiple CAS clients pointing to the same CAS server. If user logs into one CAS client and then tries to access another client, he will be redirected (302 response returned) to the login URL. This works as expected and the user is not challenged. However, in my case, an applet is the one requesting and it is not able to handle these 302 responses. I am trying to find a way to avoid this redirect, perhaps by sending the cookie information.
Thanks a lot for your help
Hari
---------------------------------
Yahoo! oneSearch: Finally, mobile search that gives answers, not web links.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070829/244731b3/attachment.html
More information about the cas
mailing list